Android In The Enterprise: Here We Go Again


Way back in 2008, I attend a conference on mobile computing.  One of the events was sort of a focus group around sharing challenges that us IT folks have in the workplace.  The biggest issue was around people bringing in their personal iPhones and connecting them up to their corporate Exchange servers.  There were many questions around security and support of this new mobile platform (see blog post entitled iPhones in the Enterprise: What’s A Company To Do?).  Fast-forward to 2010.  I attended the same conference with a very similar focus group.  Many of the same concerns and question were shared, only this time the discussion focused on Android.

There is no doubt that Android is on a tear and its enterprise use will continue to grow.  Much like the early days of the iPhone, Android does offer some support of Exchange ActiveSync (EAS) policies.   For versions 2.1 and earlier,  the supported EAS policies varied by OEM, with third party applications providing some capabilities.  With Android version 2.2, some key policy and feature enhancements were added, including:

  • Support for numeric pin or alpha-numeric password (I don’t think EAS understands patterns).
  • Remote wipe/lock
  • Support for Exchange calendars
  • Auto-discovery of Exchange server (for Exchange 2007 and above)
  • Global address list

One significant gap in the Android platform for some enterprises is lack of encryption for data on the device and removable storage.  Sound familiar?  Well, maybe not removable storage part, but the iPhone first generation and iPhone 3G did not offer device encryption capabilities.  However, iPhone 3GS and above include device encryption (in hardware) that cannot be disabled.  Android 2.2 does not have this capability built-in and some OEMs are beginning to produce devices like the Motorola Droid Pro which promises to include device encryption in early 2011.

With the growing use of individual-liable (employee-owned) devices in the enterprise, the ability to segment corporate data from personal data is becoming more and more important.  One method is to use a ‘sandbox’ approach where all of the corporate data is contained within an application storage space.   This has several advantages:

  • Encryption can be applied to the application data independent of the operating system.
  • If the corporate data needs to be wiped, the application can be erased and the corporate data removed without affecting the content on the rest of the device.

Using a sandbox approach for securing Android data is emerging.  Mobile device management products such as Good Technology are beginning to offer support for Android.  Their Good for Enterprise-Android product supports an encrypted e-mail application which users their own server to connect to Exchange and other enterprise e-mail systems similar to RIM’s BlackBerry Enterprise Server (BES).  There is also an application called Touchdown by Nitrodesk.  It offers corporate e-mail/PIM (e-mail, calendar, contacts, tasks, and more) and can connect to Exchange using the ActiveSync protocol.  The application also offers encryption of the data on the device as well as SD cards.  It can be downloaded from Android Marketplace for US$20.

Based on the February 3, 2011 announcement by Google, Android 3.0 (Honeycomb) tablets will have support for encrypted storage.  While it is being targeted for the tablet market, the hope is that it will make its way to Android phones as well.  It will be interesting to see if such an open platform can rely upon itself to provide the kind of security that enterprises need.  Until then, those enterprises who desire or require encryption at rest should evaluate a sandbox approach to see if it will meet their security needs.

Warning: shameless plug.  The following is an article around Android security with a few quotable quotes from me.

Network World: Google Android security improves, but trails iPhone and BlackBerry

Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License.

Explore posts in the same categories: Android, Individual Liable Devices, Mobile Security

Tags: , , , ,

Both comments and pings are currently closed.

One Comment on “Android In The Enterprise: Here We Go Again”

  1. Rui Pena Says:


    At EDP Distribuição, we are starting to test our WFM with Android devices. I agree with the points you remind us, but we found also some technical gaps that we are trying to solve, like the support for integrating GPS and routing applications, and of course the functionalities to use the Android Smartphone to program/read EIDs like, electronic meters.
    But of course there is a huge possibility to been taken, because android smartphones get the attention of almost all the market supppliers and the development in this area is incredible, giving us powerful cheap devices that beside all are very very sexy for the end users, helping the change managent tasks.


Comments are closed.

%d bloggers like this: